SZZG007 Customer CRM
Advisory. Audited by static analysis on Apr 14, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Customer records or cloud CRM tables could be changed, merged, corrected, or cleaned up automatically in ways the user did not explicitly review.
These instructions authorize automated changes to CRM records and cloud stores, including conflict handling and cleanup, without specifying user approval, dry-run review, rollback, or record scope.
“Two-way sync - automatically detect and resolve conflicts”; “Scheduled updates - automatic daily/weekly sync”; “Data cleaning - deduplication, completion, correction”
Require explicit user approval before sync, cleanup, or status changes; add dry-run reports, backups, rollback instructions, and clear scoping for affected customers and tables.
Installing or using the skill may require access to third-party CRM spreadsheets or bitables that is not obvious from the registry metadata.
The skill introduces cloud account credentials for Feishu Bitable and Google Sheets while the registry metadata declares no required env vars or primary credential, and the artifacts do not define least-privilege scopes.
“FEISHU_APP_TOKEN=your_app_token”; “GOOGLE_CREDENTIALS=your_credentials”
Declare all credential requirements in metadata and document exact scopes, target tables/sheets, rotation guidance, and whether write access is required.
Customer personal and business data may be kept locally and copied to cloud systems for later reuse.
The skill persistently stores and syncs customer PII, social/contact details, and business history. This is aligned with a CRM, but it is sensitive information that needs clear handling rules.
“Name, email, company, country”; “LinkedIn, Instagram, WhatsApp”; “Local storage - SQLite/JSON”; “Cloud sync - Feishu Bitable/Google Sheets”
Use only approved customer data, define retention and deletion rules, encrypt local storage, and verify that cloud destinations are authorized for this data.
Customer names, emails, communication history, or sales status could be shared with other skills more broadly than intended.
The skill plans to pass customer data and status updates among other skills/agents, but does not define identity checks, permissions, allowed fields, or data-minimization boundaries.
“szzg007-email-business-manager | sync email → update customer status”; “szzg007-web-deep-research | input customer name → background research to complete the profile”; “szzg007-multi-agent-orchestrator | assign tasks → follow up with customers”
Document inter-skill data contracts, restrict fields shared with each skill, require user approval for external research or task delegation, and log cross-skill transfers.
Users cannot verify from these artifacts how the advertised sync, cleanup, reporting, or security behavior would actually be performed.
SKILL.md references helper scripts for high-impact CRM operations, but the provided file manifest contains only SKILL.md and no code files, so the implementation cannot be reviewed here.
“scripts/ … add.py … update.py … sync.py … report.py … cleanup.py”
Provide the referenced scripts or remove the script references; pin and document any dependencies before asking users to trust automated CRM operations.
A user may assume encryption, masking, access control, audit logs, and backups exist when they are not demonstrated in the package.
The skill claims strong security controls, but the supplied artifact set is instruction-only and does not show code, configuration, or procedures that implement those controls.
“✅ Customer data stored encrypted”; “✅ Sensitive information masked”; “✅ Access permission control”; “✅ Operation logging”; “✅ Regular backups”
Treat these as security goals until verified; require implementation details, configuration steps, and testable evidence for each promised control.
